Exim: is it possible to host mailman and exim on different hosts? Howto?
According to the documentation, https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht... , exim4 (and postfix similarly) need to have access to the mailman filesystem (MM3_HOME=/opt/mailman/var). If exim and MM were on different hosts (or different docker environments), how would we need to configure that?
On Wed, Jun 17, 2020, at 12:53 AM, Jörg Schulz wrote:
> According to the documentation, https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht... , exim4 (and postfix similarly) need to have access to the mailman filesystem (MM3_HOME=/opt/mailman/var). If exim and MM were on different hosts (or different docker environments), how would we need to configure that?
You'd need to make sure that you share a mount between the container running exim and the container running Mailman Core so that they are able to share the directory which is created by Mailman and used by Exim to determine the existence of lists.
It is currently defined as
MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
And you need to make sure that MM3_HOME is visible to the Exim container.
Other than that, you just need to point Exim at the right IP that Mailman Core is listening on, which in the documentation is mostly "localhost".
I am not really sure how you would configure separate hosts that can't share a filesystem, though.
-- thanks, Abhilash Raj (maxking)
Jörg Schulz writes:
> According to the documentation, https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht..., exim4 (and postfix similarly) need to have access to the mailman filesystem (MM3_HOME=/opt/mailman/var).
The reason for this access is only so that mailing list addresses can be detected automatically. Create a list, that creates certain files, and magic happens! -- that list is already routed in Exim.
> If exim and MM were on different hosts (or different docker environments), how would we need to configure that?
You could have static Exim routing for the lists, with a dedicated Exim transport to Mailman's LMTP server. That would require restarting Exim for every new or deleted list address. You could also provide some other way to communicate that information to Exim, but that "other way" is going to depend on requirements you haven't mentioned.
Your configuration is up to you, and we'll try to help you with whatever you want, but it seems to me that the easy solution is *two* installations of Exim (or something more lightweight if you prefer for the Mailman host), configure network access such that Mailman's MTA can only talk to the main MTA, and route all unknown addresses from the main MTA to Mailman's MTA, which will reject any addresses that aren't lists.
Alternatively, you could create a virtual subdomain, say "lists.example.com", put your lists there, and make it inaccessible from the Internet (e.g., an unroutable IP address) with the main MTA as its MX. Then only list traffic would go to Mailman's MTA, and it also avoids the issue of another mailbox possibly shadowing[1] a list, or vice versa, on the main domain.
Steve
Footnotes: [1] Exim simply picks the first router that matches. It doesn't report that multiple routers match, so this kind of shadowing is hard to prevent. That may not be a problem in your environment, of course.
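The static-routing option described in the thread, sketched as an added Exim configuration example (not part of the original messages and not the Mailman project's own configuration). It replaces the MM3_LISTCHK filesystem check with a lookup in a list file kept on the Exim host. The host name `mailman.internal.example`, the file path `/etc/exim4/mm3_lists`, the MM3_LISTS macro and the use of the `lists.example.com` subdomain are assumptions; the suffix list follows the Exim example in the Mailman 3 MTA documentation.

```exim
# Added example. Exim only treats "#" at the start of a line as a comment,
# so every comment here is on its own line.

# --- main configuration section ---
# Only the dedicated list subdomain is handed to Mailman, so a mailbox on
# the main domain cannot shadow a list address (or the other way round).
domainlist mm3_domains=lists.example.com

# Constructed name of the separate host (or container) running Mailman Core.
MM3_LMTP_HOST=mailman.internal.example
# Mailman Core's default LMTP port.
MM3_LMTP_PORT=8024
# Hypothetical file on the Exim host: one list local part per line
# (for example "announce"), maintained whenever a list is created or deleted.
MM3_LISTS=/etc/exim4/mm3_lists

# --- routers section ---
# Place this before any router that could match the same addresses:
# Exim uses the first router that accepts and does not report overlaps.
mailman3_router:
  driver = accept
  domains = +mm3_domains
  # The suffix is stripped before this check, so "announce-owner"
  # is looked up as "announce".
  local_parts = lsearch;MM3_LISTS
  local_part_suffix_optional
  local_part_suffix = -admin : \
     -bounces   : -bounces+* : \
     -confirm   : -confirm+* : \
     -join      : -leave     : \
     -owner     : -request   : \
     -subscribe : -unsubscribe
  transport = mailman3_transport

# --- transports section ---
mailman3_transport:
  driver = smtp
  protocol = lmtp
  hosts = MM3_LMTP_HOST
  port = MM3_LMTP_PORT
  # Pass the full address, suffix included, so Mailman sees "announce-owner".
  rcpt_include_affixes = true
```

On the Mailman side, `lmtp_host` in the `[mta]` section of mailman.cfg has to be an address the Exim host can reach, and access to that port should be limited to the MTA, since LMTP itself is unauthenticated.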
participants (3): Abhilash Raj, Jörg Schulz, Stephen J. Turnbull